A PKI consisting of only a CA that cross-certifies with CAs of some other PKIs. (See: cross-certification. Compare: bridge.)
A PKI consisting of only a CA that cross-certifies with CAs of some other PKIs. (See: cross-certification. Compare: bridge.)
Tutorial: A bridge CA functions as a hub that enables a certificate user in any of the PKIs that attach to the bridge, to validate certificates issued in the other attached PKIs.
For example, a bridge CA (BCA) CA1 could cross-certify with four ^ PKIs that have the roots CA1, | CA2, CA3, and CA4. The cross- v certificates that the roots CA2 <-> BCA <-> CA3 exchange with the BCA enable an ^ end entity EE1 certified under | under CA1 in PK1 to construct v a certification path needed to CA4 validate the certificate of end entity EE2 under CA2, CA1 -> BCA -> CA2 -> EE2 or vice versa. CA2 -> BCA -> CA1 -> EE1